VYPR

rpm package

opensuse/govulncheck-vulndb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed

Vulnerabilities (690)

  • CVE-2018-1002101Dec 5, 2018
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.

  • CVE-2018-19184Nov 12, 2018
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.

  • CVE-2018-16733HigSep 8, 2018
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.

  • CVE-2018-1002100MedJun 2, 2018
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.

  • CVE-2017-1002102HigMar 13, 2018
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.

  • CVE-2017-14992MedNov 1, 2017
    affected < 0.0.20250424T181457-1.1fixed 0.0.20250424T181457-1.1

    Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.

  • CVE-2015-7561LowAug 7, 2017
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

  • CVE-2017-1000056CriJul 17, 2017
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

  • CVE-2017-9232CriMay 28, 2017
    affected < 0.0.20250424T181457-1.1fixed 0.0.20250424T181457-1.1

    Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

  • CVE-2016-9962MedJan 31, 2017
    affected < 0.0.20250807T150727-1.1fixed 0.0.20250807T150727-1.1

    RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to conta

Page 35 of 35